Hi,
Could someone please help me filter these raw fields and extract it into a new field? I just need to gather "DUMP is complete" and convert it to a new field, which is dump_status.
Backup Server: 4.165.1.2: Using numzones of 3 for device /sybase//log_archives/ECP_trans_2019-07-19T15_15_01.dmp.
Backup Server: 4.165.1.3: Using archcnt of 1 for device /sybase//log_archives/ECP_trans_2019-07-19T15_15_01.dmp.
Backup Server: 4.165.1.4: Using dbdevcnt of 2 for device /sybase//log_archives/ECP_trans_2019-07-19T15_15_01.dmp.
Backup Server: 4.166.1.4: Using pagesize of 16384 bytes for device /sybase//log_archives/ECP_trans_2019-07-19T15_15_01.dmp.
Backup Server: 4.58.1.1: Database ECP: 34414 kilobytes DUMPED.
Backup Server: 3.43.1.1: Dump phase number 3 completed.
Backup Server: 4.58.1.1: Database ECP: 34436 kilobytes DUMPED.
Backup Server: 3.42.1.1: DUMP is complete (database ECP).
(return status = 0)
completed
Thank you!
Hi @stanwin
I followed the steps you provided and tried to get the logs from _internal, and this is what I saw. Would this mean that there is something wrong with the LDAP? If yes, do you know what we should check?
2/26/19
9:15:46.797 PM
02-26-2019 21:15:46.797 +0000 DEBUG AuthenticationManagerLDAP - Attempting to get user information for user="galzaga!" from strategy="DxlMxxx_Host"
Thank you!
Hi @stanwin
What will be the fix for this? I tried changing it to debug and found that my user could not be found in LDAP.
2/26/19
3:57:48.671 PM
02-26-2019 15:57:48.671 +0000 DEBUG AuthenticationManagerLDAP - Attempting to get user information for user="galzaga!" from strategy="Delmonte_LDAP_Backup"
host = ip-172-21-3-163.dmfi.delmonte.com source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
2/26/19
3:57:11.265 PM
02-26-2019 15:57:11.265 +0000 ERROR UiAuth - user=galzaga! action=login status=failure reason=user-initiated useragent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36" clientip=172.21.3.47
host = ip-172-21-3-163.dmfi.delmonte.com source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
2/26/19
3:57:11.265 PM
02-26-2019 15:57:11.265 +0000 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="galzaga!" on any configured servers
host = ip-172-21-3-163.dmfi.delmonte.com source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
2/26/19
3:57:11.265 PM
02-26-2019 15:57:11.265 +0000 INFO AuthenticationManagerLDAP - Could not find user="galzaga!" with strategy="DelMonte_LDAP"
host = ip-172-21-3-163.dmfi.delmonte.com source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
Hi @jensonthottian
Where can I find _internal logs? I am having the same issue as well, with the error below upon checking /opt/splunk/var/log/splunk/audit.log
02-26-2019 14:46:03.762 +0000 INFO AuditLogger - Audit:[timestamp=02-26-2019 14:46:03.762, user=galzaga!, action=login attempt, info=failed, src=172.21.3.47][n/a]